aboutsummaryrefslogtreecommitdiffstats
path: root/security/selinux/hooks.c
diff options
context:
space:
mode:
authorGrant Likely <grant.likely@secretlab.ca>2012-07-25 00:31:09 -0400
committerGrant Likely <grant.likely@secretlab.ca>2012-07-25 00:34:40 -0400
commit6aeea3ecc33b1f36dbc3b80461d15a7052ae424f (patch)
treebbd273e3e0ca76094aed8e9c77e5adfe2b07f779 /security/selinux/hooks.c
parent9844a5524ec532aee826c35e3031637c7fc8287b (diff)
parentbdc0077af574800d24318b6945cf2344e8dbb050 (diff)
Merge remote-tracking branch 'origin' into irqdomain/next
Diffstat (limited to 'security/selinux/hooks.c')
-rw-r--r--security/selinux/hooks.c15
1 files changed, 7 insertions, 8 deletions
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index 372ec6502aa8..689fe2d22165 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -2157,8 +2157,7 @@ static inline void flush_unauthorized_files(const struct cred *cred,
2157 get_file(devnull); 2157 get_file(devnull);
2158 } else { 2158 } else {
2159 devnull = dentry_open( 2159 devnull = dentry_open(
2160 dget(selinux_null), 2160 &selinux_null,
2161 mntget(selinuxfs_mount),
2162 O_RDWR, cred); 2161 O_RDWR, cred);
2163 if (IS_ERR(devnull)) { 2162 if (IS_ERR(devnull)) {
2164 devnull = NULL; 2163 devnull = NULL;
@@ -2717,7 +2716,7 @@ static int selinux_inode_setattr(struct dentry *dentry, struct iattr *iattr)
2717 ATTR_ATIME_SET | ATTR_MTIME_SET | ATTR_TIMES_SET)) 2716 ATTR_ATIME_SET | ATTR_MTIME_SET | ATTR_TIMES_SET))
2718 return dentry_has_perm(cred, dentry, FILE__SETATTR); 2717 return dentry_has_perm(cred, dentry, FILE__SETATTR);
2719 2718
2720 if (ia_valid & ATTR_SIZE) 2719 if (selinux_policycap_openperm && (ia_valid & ATTR_SIZE))
2721 av |= FILE__OPEN; 2720 av |= FILE__OPEN;
2722 2721
2723 return dentry_has_perm(cred, dentry, av); 2722 return dentry_has_perm(cred, dentry, av);
@@ -5763,21 +5762,21 @@ static struct nf_hook_ops selinux_ipv4_ops[] = {
5763 { 5762 {
5764 .hook = selinux_ipv4_postroute, 5763 .hook = selinux_ipv4_postroute,
5765 .owner = THIS_MODULE, 5764 .owner = THIS_MODULE,
5766 .pf = PF_INET, 5765 .pf = NFPROTO_IPV4,
5767 .hooknum = NF_INET_POST_ROUTING, 5766 .hooknum = NF_INET_POST_ROUTING,
5768 .priority = NF_IP_PRI_SELINUX_LAST, 5767 .priority = NF_IP_PRI_SELINUX_LAST,
5769 }, 5768 },
5770 { 5769 {
5771 .hook = selinux_ipv4_forward, 5770 .hook = selinux_ipv4_forward,
5772 .owner = THIS_MODULE, 5771 .owner = THIS_MODULE,
5773 .pf = PF_INET, 5772 .pf = NFPROTO_IPV4,
5774 .hooknum = NF_INET_FORWARD, 5773 .hooknum = NF_INET_FORWARD,
5775 .priority = NF_IP_PRI_SELINUX_FIRST, 5774 .priority = NF_IP_PRI_SELINUX_FIRST,
5776 }, 5775 },
5777 { 5776 {
5778 .hook = selinux_ipv4_output, 5777 .hook = selinux_ipv4_output,
5779 .owner = THIS_MODULE, 5778 .owner = THIS_MODULE,
5780 .pf = PF_INET, 5779 .pf = NFPROTO_IPV4,
5781 .hooknum = NF_INET_LOCAL_OUT, 5780 .hooknum = NF_INET_LOCAL_OUT,
5782 .priority = NF_IP_PRI_SELINUX_FIRST, 5781 .priority = NF_IP_PRI_SELINUX_FIRST,
5783 } 5782 }
@@ -5789,14 +5788,14 @@ static struct nf_hook_ops selinux_ipv6_ops[] = {
5789 { 5788 {
5790 .hook = selinux_ipv6_postroute, 5789 .hook = selinux_ipv6_postroute,
5791 .owner = THIS_MODULE, 5790 .owner = THIS_MODULE,
5792 .pf = PF_INET6, 5791 .pf = NFPROTO_IPV6,
5793 .hooknum = NF_INET_POST_ROUTING, 5792 .hooknum = NF_INET_POST_ROUTING,
5794 .priority = NF_IP6_PRI_SELINUX_LAST, 5793 .priority = NF_IP6_PRI_SELINUX_LAST,
5795 }, 5794 },
5796 { 5795 {
5797 .hook = selinux_ipv6_forward, 5796 .hook = selinux_ipv6_forward,
5798 .owner = THIS_MODULE, 5797 .owner = THIS_MODULE,
5799 .pf = PF_INET6, 5798 .pf = NFPROTO_IPV6,
5800 .hooknum = NF_INET_FORWARD, 5799 .hooknum = NF_INET_FORWARD,
5801 .priority = NF_IP6_PRI_SELINUX_FIRST, 5800 .priority = NF_IP6_PRI_SELINUX_FIRST,
5802 } 5801 }
generated by cgit v1.2.2 (git 2.25.0) at 2025-08-22 16:46:54 -0400